CSRF Chatbox.

Publicated on : 1202735797
So back to the fun stuff, since there is also fun stuff going on. Actually CSRF is one of the most underestimated issues today in security, which is capable of more things than we like to believe on first sight. Re-configuring your router is one problem, ordering or influencing auctions are another.



Gareth Heyes set-up some interesting chatbox that utilizes CSRF to communicate. It abuses delicious to set up a connection and you are really able to chat with other people due to a feature inside the delicious website. CSRF can abuse this and makes this possible to communicate through the delicious website. It saves urls to one account on delicious and reads the JSON data. Delicious does use tokens: they have a token on the post url page. But Gareth simply puts an iframe overlay on it and abuses it accordingly.



So join us in the world's first Cross Site Request Forgery chatbox!